| ID |
CVE-2007-2698
|
| Summary |
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. The vendor has issued product updates to addresses these issues:
BEA WebLogic Server patches:
http://commerce.bea.com/showallversions.jsp?family=WLS
BEA WebLogic Platform patches:
http://commerce.bea.com/showallversions.jsp?family=WLP |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 29-07-2017 - 01:31) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| refmap
via4
|
| bea | BEA07-162.00 | | osvdb | 36071 | | sectrack | 1018057 | | vupen | ADV-2007-1815 | | xf | weblogic-config-information-disclosure(34286) |
|
| Last major update |
29-07-2017 - 01:31 |
| Published |
16-05-2007 - 01:19 |
| Last modified |
29-07-2017 - 01:31 |
